PAASOO PRIVACY POLICY

Effective date March 1st, 2020

PaaSoo is a cloud communications platform providing reliable and high quality text and voice APIs, enabling enterprise and aggregator customers to reach their global users.

Here at PaaSoo we treat the protection of your and your end users personal data very seriously. This privacy policy will explain you your rights regarding your personal identifying information that you share with us, how we will process them information in connection with your use of our services, including our website and how to contact us. We want to make sure that you make informed decisions about your personal information when building your software applications on PaaSoo’s platform. We also want to provide you with relevant information to help your end users make informed decisions about their personal information when they use your software applications built on PaaSoo’s platform.

Which categories of personal information are being processed by PaaSoo?

PaaSoo processes the following categories of personal information when you use our services:

  • Your personal information as a customer (or potential customer) of PaaSoo’s services — hereinafter referred to as "Customer Account Data";and
  • The Traffic Data that is processed by PaaSoo to handle the communication exchanged during the use of PaaSoo’s services.This category contains the personal information of your end users who use or interact with your application that you've built on PaaSoo's platform, like the people you communicate by way of that application.The Traffic Data include the data on the routing, type, duration, and time of the communication and the data used to trace and identify the source and destination of a communication (e.g., communications metadata, contents of communications, SMS terminated to or originated from your end-users and their phone numbers).

How does PaaSoo use and process the personal information?

The collection and process of personal information from individuals based in the European Economic Area(EEA) are governed by the General Data Protection Regulation n 2016/679 well known as GDPR. Such regulation has implemented a high level standard of personal data protection. As a global communication service provider, PaaSoo aims to comply with the GDPR to ensure the best security for your and your end users personal information.

The GDPR differentiates between "controllers" and "processors" of personal information.A controller decides why and how to process personal information whereas a processor processes personal information on behalf of a controller based on the controller's instructions. When PaaSoo processes your Customer Account Data, we are acting as a controller.

We use Customer Account Data to further our legitimate interests to:

  • manage our relationship with you and contact you,
  • providing you with our services,
  • carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations and
  • help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our services.

What personal information does PaaSoo collect?

Customer Account Data

We collect and process your personal information:

  • When you visit PaaSoo website like www.paasoo.com, client.paasoo.com and jira.paasoo.com or make a request to receive information about PaaSoo or our services;
  • When you contact our Sales Team or Customer Support Team; and
  • When you sign up for a PaaSoo account and use our services.

Customer Account Data include the following information:

  • your name;
  • your phone number;
  • your email address;
  • your company name.

PaaSoo may require additional information such as your passport or ID to verify your identity while processing to payment. You will be specifically informed in such event.

Customer Usage Data

We also collect Customer Usage Data from you when you send or receive communications through your use of our services.

When you visit our websites, we may collect the log information such as your Internet Protocol address, browser type and language, the date and time of your query.

This data might take different forms, and we might use it for different purposes.

Collecting personal information, what for?

- The purposes -

Depending on your interactions with us, we might collect the following categories of personal information, and for the following reasons:

  • We collect Identifiers, like your name and contact information (Customer Account Data), when you sign up or use our products or, verify your identity, and communicate with you.
  • We collect Commercial information when we keep track of the services that you purchase from us and our communications history about those services.
  • We collect Financial information, such as your payment information, when you pay for our services. PaaSoo does not collect your credit card information since the whole payment process is hosted and handled by PayPal. For more information, we recommend you to read PayPal terms of use.
  • We collect Internet and other electronic activity information, such as communications metadata, as you browse our website or use our services. This metadata may be information about how you browse our websites and what features you use on our service. It also may be your Customer Usage Data as you send communications over the service.
  • We collect Geolocation information when you use our services. Depending on the product or service, this could be location based on your IP address, or, such as if you are using our IoT products and services, based on the cell tower to which a mobile device is connected, or Wi-Fi triangulation.
  • We collect Professional or employment information, such as your company or employer or your role at your company.
  • If you attend an event or fill out a form or survey with us, we might collect your age, your gender, or other information that counts as characteristics of protected classifications; however, we will only collect those with your knowledge and opt-in consent.

In addition, when PaaSoo is acting as a processor and a service provider, we process Traffic Data that may include personal information from any of those categories, plus others. You will be able to help your end users directly with more details on what categories you are collecting and using from them.

How long does PaaSoo store the personal information?

Customer Account Data

PaaSoo will retain these records for as long you instruct and:

  • If no specific instruction is given to delete these records, then PaaSoo will store the Customer Account Data for as long as it is necessary to maintain your customer account and provide you with our services and in no event later than seven (7) years after deletion of your Customer account.
  • In the event you have requested PaaSoo to delete your Customer Account Data, PaaSoo shall keep the corresponding records including the transaction details up to seven (7) years to respond to legal requirements. Please note that in such case, your customer account will be automatically deleted, and no further services will be provided to you.

What happens if you request the deletion of your Customer Account Data?

Customer Account Data is necessary to maintain your account and to provide you with the services. Please be aware that should you request PaaSoo to delete your Customer Account Data, no further services will be provided to you and your customer account will be deleted. In such event you will not be relieved of your payment obligation.

In the event your Customer account is deleted, or our partnership is terminated, your Customer Account Data will be automatically deleted and subject to the policy described in this section in terms of retention period.

Traffic Data

PaaSoo will treat differently your end users’ message content and phone numbers as explained below.

Please note that in no event shall PaaSoo treat directly the requests from your end users. PaaSoo is only responsible to respond to your requests.

1. Message Content

PaaSoo will retain these records for as long you instruct and:

  • If no specific instruction is given to delete these records, then PaaSoo will store the Message content for as long as it is necessary to maintain your customer account and provide you with our services and in no event later than six (6) months after deletion of your Customer account.
  • In the event you have requested PaaSoo to delete the Message content, such data will be automatically deleted from PaaSoo records unless a copy of those records shall be kept to respond to some specific legal matters. For this purpose, please read the section “About Deletion”.

2. End-users Phone Numbers

PaaSoo will retain these records for as long you instruct and:

  • If no specific instruction is given to delete these records, then PaaSoo will store your end users phone numbers for as long as it is necessary to maintain your customer account and provide you with our services and in no event later than twenty-four (24) months after deletion of your Customer account.
  • In the event you have requested PaaSoo to delete your end-users’ phone numbers, such data will be automatically deleted from PaaSoo records unless a copy of those records shall be kept to respond to some specific legal matters. For this purpose, please read the section “About Deletion”.

3. Common rules of Traffic Data

What happens if you request the deletion of the Traffic Data?

The Traffic Data is necessary to provide you with the services and support. Please be aware that should you request PaaSoo to delete such data, no further services nor support will be provided to you and your customer account will be automatically deleted. In such event, you will not be relieved of your payment obligation.

PaaSoo may keep the analytics provided that they do not allow PaaSoo to identify you or any other individual. For this purpose, the data will be anonymized. An example of analytic that PaaSoo may record is the delivery rate per country.

What are your rights on personal information and how to exercise them?

At any time you have the right to access to your personal information, request modification or oppose the processing of your personal information.

Depending on the circumstances, you may:

  • Withdraw your consent when one of our uses is based on the latter;
  • Oppose yourself for a reason that is, in your situation, any use based on our legitimate interest or public interest;
  • Request that your personal data be shared with anyone when we hold it on the basis of a contract or your consent (right to portability);
  • Ask us to rectify or modify your personal data;
  • Ask us to keep your personal data without using it in the event of inaccuracy, illegality, when we review your request for objection or if you need this data for judicial purposes;
  • Ask us to delete your personal data when it is no longer needed, when you have withdrawn your consent or are opposed to use, or if you were a child at the time of collection (right to be forgotten).

You may exercise your rights by sending an email and specifying your request at privacy@paasoo.com.

About Deletion

You have the right to instruct us to delete your personal information. Please note that it may take a few days for the data to be completely removed from all systems. In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized, if the law allows to do so.

Transfer of personal information outside EEA.

Transfer due to storage

PaaSoo is using third-party service providers (notably AWS) in order to back-up the data.

Traffic Data is stored in a server hosted by AWS in Singapore.

Please note that we have data protection addendums in place with our third party service providers that transfer your personal identifying information outside of the European Union. These data protection addendums ensure that sufficient measures are taken by our service providers to protect your personal identifying information in accordance with the European regulation on data protection (GDPR).

Transfer due to provision of the service

When PaaSoo acts as a processor, we act based on your instruction so the r content of communication are transferred from one country to another depending on your request. In such event we do not have control on the location of the data which may be transferred in or outside the EEA.

However, PaaSoo is implemented data protection addendum with its partners so that they are warrantying the same level of protection as the one stated in the GDPR.

How does PaaSoo secure personal information?

PaaSoo takes appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. All detailed measures are listed below. Encryption method are part of these measures. PaaSoo makes sure that the Traffic Data and your passwords are being encrypted when stored. Also, PaaSoo restricts access to your personal identifying information to employees who need this information in order to operate, develop or improve our services.

Security measures:

  • Encrypted communications: to prevent any misuse of your data, we have implemented various robust security mechanisms. HTTPS uses X.509 signed certificates allowing your browser to authenticate our server. HTTPS also uses cryptographic algorithms to encrypt any data in transit between your browser and our servers. This protects your data against eavesdropping / man-in-the-Middle attacks.
  • IP addresses whitelisting: upon requests, PaaSoo is able to restrict the customer dashboard and API requests access to whitelisted IP addresses only.
  • Encrypted data: the Customer Content and Customer Usage Data are stored in databases (in Paris, France, and Singapore) using advanced encryption technologies.
  • Customer Content and Customer Usage Data on customer dashboard: upon requests, PaaSoo is able to hide end user data (phone numbers and message contents) on customer dashboard.

Incident Notification. Upon becoming aware of a personal data breach, PaaSoo shall promptly notify you and shall provide information relating to the personal data breach as reasonably requested by you.

Confidentiality. PaaSoo restricts its personnel from processing personal data without authorization, and shall ensure that any person who is authorized by PaaSoo to process personal data is under an appropriate contractual obligation of confidentiality.